On Mon, 13 May 2013 17:40:57 -0500
Bill Polhemus wrote:
I've added a couple of network ranges covering "known good" networks
like places of work, to the -i option for spamass-milter.

On 14.05.13 13:25, RW wrote:
That's really intended for local mail.

To be a bit more precise: It's also for mail delivery within an internal
network, where e.g. mail was already accepted by one of your mailservers and
should not be rejected at this stage (the client won't see the rejection
notice and it could cause your mail server to send backscatter).

The spamass-milter man-page says this will cause sa-m to "ignore
messages if the originating IP" is in that list.

But what I'm seeing in the logs, is it looks at the very last "from"
address - in my case that's 127.0.0.1 since I'm using Fetchmail and
then tossing to Sendmail. So this check is doing nothing for me.

That seems to indicate sa-m will only look at the very last
"Received:" header. Is that right?

Actually, sa-milter does NOT look at Received: headers. There's no Received:
header at the time sa-milter looks at the message. Sa-milter must fake a
Received: header for SpamAssassin instead.

SA-milter gets the client's IP address from sendmail(/postfix) and only
checks this one in allowed networks.

No, presumably it's because it's making the other received headers
look faked. You probably need to add 127.0.0.1 to "internal_networks".

It should be there by default.

You might also need to get fetchmail to add a received header if it
isn't already (I think that's on by default).

This would not affect milter's decision as long as the mail is received from
localhost.

Unless you have a good reason to pass the mail to sendmail, I wouldn't
do it that way.

Precisely. There's no ACTUAL origin address at this stage - you received
this mail from localhost (fetchmail) who has received from your mailserver
and if you don't want to scan mail from those, you apparently want to scan
no mail at all.

If you receive mail from multiple hosts and want to skip scanning only some,
you can still try pushing using another IP on e.g. a dummy network interface
and use that IP in milter config.

Otherwise just keep the Received: parsing on SA.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
My mind is like a steel trap - rusty and illegal in 37 states.
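
Added example (not part of the original thread, and not spamass-milter or SpamAssassin code): a simplified Python model of the two checks discussed above, the -i test on the connecting client's IP and a Received: walk that skips internal hops. The sample headers, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample headers (documentation addresses), newest first: the
# localhost hop the milter fakes, fetchmail's hop, then the real sender.
SAMPLE_HEADERS = (
    "Received: from localhost (localhost [127.0.0.1])\n"
    "\tby home.example with ESMTP; Mon, 13 May 2013 17:41:00 -0500\n"
    "Received: from pop.isp.example [192.0.2.25]\n"
    "\tby localhost with POP3 (fetchmail); Mon, 13 May 2013 17:40:58 -0500\n"
    "Received: from office.example (office.example [198.51.100.7])\n"
    "\tby pop.isp.example with ESMTP; Mon, 13 May 2013 17:40:57 -0500\n"
    "Subject: constructed sample\n"
)

def _in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)

def milter_skips(client_ip, ignore_nets):
    """Model of the -i check: only the connecting client's IP is compared."""
    return _in_nets(client_ip, ignore_nets)

def relay_ips(headers):
    """Bracketed IPv4 addresses from Received: headers, newest first."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)
    ips = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
            if m:
                ips.append(m.group(1))
    return ips

def first_external_relay(headers, internal_nets):
    """Walk the hops from newest to oldest; return the first non-internal IP."""
    for ip in relay_ips(headers):
        if not _in_nets(ip, internal_nets):
            return ip
    return None

if __name__ == "__main__":
    office = ["198.51.100.0/24"]          # hypothetical "known good" range
    # Sendmail hands the milter fetchmail's address, so the range never matches.
    print(milter_skips("127.0.0.1", office))                      # False
    # Listing 127.0.0.1 instead would skip every fetched message.
    print(milter_skips("127.0.0.1", office + ["127.0.0.1"]))      # True
    # Header parsing with the local hops marked internal finds the sender.
    print(first_external_relay(SAMPLE_HEADERS, ["127.0.0.0/8", "192.0.2.25"]))
```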
